diff --git a/29d4dee.patch b/29d4dee.patch deleted file mode 100644 index e78c62e..0000000 --- a/29d4dee.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001 -From: Thomas Szteliga -Date: Mon, 21 Mar 2016 17:25:58 +0100 -Subject: [PATCH] Fixes #91 basename: invalid option -- 's'. - ---- - build/build-dist.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/build-dist.sh b/build/build-dist.sh -index 2f11fb2..dca4b9a 100755 ---- a/build/build-dist.sh -+++ b/build/build-dist.sh -@@ -88,7 +88,7 @@ stage_win() { - - for f in `ls $SRC_ROOT/doc/*.md`; - do -- fname=`basename -s .md $f` -+ fname=`basename $f .md` - python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html - done - diff --git a/3.0.1.tar.gz b/3.0.1.tar.gz deleted file mode 100644 index fa28f63..0000000 --- a/3.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1fff75a27ea7da3f37fbfed715633f55b9ca25f5b14cac38e525c5c995e68ae -size 44242 diff --git a/4eac410.patch b/4eac410.patch deleted file mode 100644 index 2f55e70..0000000 --- a/4eac410.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 4eac410bce13a4730aa160ba48e6fa0aef7edd7c Mon Sep 17 00:00:00 2001 -From: azvyagintsev -Date: Tue, 4 Jul 2017 20:14:57 +0300 -Subject: [PATCH] Fix string comprehension - - - "[[" syntax work only in "Bash" ---- - easyrsa3/easyrsa | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index e004e2b..901a52f 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -641,8 +641,7 @@ $(display_dn req "$req_in") - - # If type is server and no subjectAltName was requested, - # add one to the extensions file -- if [[ "$crt_type" == 'server' ]] -- then -+ if [ "$crt_type" = 'server' ]; then - echo "$EASYRSA_EXTRA_EXTS" | - grep -q subjectAltName || - print $(default_server_san "$req_in") -@@ -941,8 +940,7 @@ default_server_san() { - awk -F'=' '/^ *CN=/{print $2}' - ) - echo "$cn" | egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' -- if [[ $? -eq 0 ]] -- then -+ if [ $? -eq 0 ]; then - print "subjectAltName = IP:$cn" - else - print "subjectAltName = DNS:$cn" diff --git a/534f673.patch b/534f673.patch deleted file mode 100644 index 0cac058..0000000 --- a/534f673.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 534f67345997603e3b1fbf6b673bbaa65937019e Mon Sep 17 00:00:00 2001 -From: Olav Reinert -Date: Mon, 5 Jun 2017 23:30:57 +0200 -Subject: [PATCH] Make $PWD/pki the default PKI location - ---- - doc/EasyRSA-Advanced.md | 3 ++- - easyrsa3/easyrsa | 14 ++++++++------ - 2 files changed, 10 insertions(+), 7 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 64b29ae..1bd8c29 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -34,6 +34,7 @@ Configuration Reference - 1. File referenced by the --vars CLI option - 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` - 3. The `EASYRSA_PKI` directory -+ 4. The default PKI directory at $PWD/pki (usually will be the same as above) - 4. The `EASYRSA` directory - 5. The location of the easyrsa program (usually will be the same as above) - -@@ -80,7 +81,7 @@ possible terse description is shown below: - * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD - * `EASYRSA_OPENSSL` - command to invoke openssl - * `EASYRSA_SSL_CONF` - the openssl config file to use -- * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files -+ * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. 
- * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to - alter the fields to include in the req DN - * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 088faeb..8adc8fc 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -989,13 +989,15 @@ vars_setup() { - - # set up program path - local prog_vars="${0%/*}/vars" -+ # set up PKI path -+ local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - - # command-line path: - if [ -f "$EASYRSA_VARS_FILE" ]; then - vars="$EASYRSA_VARS_FILE" -- # EASYRSA_PKI, if defined: -- elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then -- vars="$EASYRSA_PKI/vars" -+ # PKI location, if present: -+ elif [ -f "$pki_vars" ]; then -+ vars="$pki_vars" - # EASYRSA, if defined: - elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then - vars="$EASYRSA/vars" -@@ -1013,9 +1015,9 @@ Note: using Easy-RSA configuration from: $vars" - fi - - # Set defaults, preferring existing env-vars if present -- set_var EASYRSA "$PWD" -+ set_var EASYRSA "${0%/*}" - set_var EASYRSA_OPENSSL openssl -- set_var EASYRSA_PKI "$EASYRSA/pki" -+ set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only - set_var EASYRSA_REQ_COUNTRY "US" - set_var EASYRSA_REQ_PROVINCE "California" -@@ -1225,4 +1227,4 @@ case "$cmd" in - ;; - esac - --# vim: ft=sh nu ai sw=8 ts=8 -+# vim: ft=sh nu ai sw=8 ts=8 noet diff --git a/6436eaf.patch b/6436eaf.patch deleted file mode 100644 index eaac82c..0000000 --- a/6436eaf.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 6436eaf8c1e5e3c44d23c1c7a0a5fef14f19d375 Mon Sep 17 00:00:00 2001 -From: Martin Schmitt -Date: Fri, 30 Jun 2017 16:12:13 +0200 -Subject: [PATCH] Add CN as SAN (if none requested) on server certs by default - ---- - easyrsa3/easyrsa | 25 +++++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 088faeb..f5ec797 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -627,6 +627,15 @@ $(display_dn req "$req_in") - esac - fi - -+ # If type is server and no subjectAltName was requested, -+ # add one to the extensions file -+ if [[ "$crt_type" == 'server' ]] -+ then -+ echo "$EASYRSA_EXTRA_EXTS" | -+ grep -q subjectAltName || -+ print $(default_server_san "$req_in") -+ fi -+ - # Add any advanced extensions supplied by env-var: - [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" - -@@ -923,6 +932,22 @@ display_dn() { - print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)" - } # => display_dn() - -+# generate default SAN from req/X509, passed by full pathname -+default_server_san() { -+ local path="$1" -+ local cn=$( -+ "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | -+ awk -F'=' '/^ *CN=/{print $2}' -+ ) -+ echo "$cn" | egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' -+ if [[ $? -eq 0 ]] -+ then -+ print "subjectAltName = IP:$cn" -+ else -+ print "subjectAltName = DNS:$cn" -+ fi -+} # => default_server_san() -+ - # verify a file seems to be a valid req/X509 - verify_file() { - local format="$1" path="$2" diff --git a/83a1a21.patch b/83a1a21.patch deleted file mode 100644 index 9e0fe6b..0000000 --- a/83a1a21.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001 -From: Eric F Crist -Date: Tue, 22 Aug 2017 20:52:26 -0500 -Subject: [PATCH] Add --copy-ext option - -Adding the --copy-ext option to copy request extension data. This will -resolve #60 and other Subject Alternative Name "issues" that have been -created. - -Signed-off-by: Eric F Crist ---- - easyrsa3/easyrsa | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 81618d3..55de809 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values) - ./easyrsa help altname - --use-algo=ALG : crypto alg to use: choose rsa (default) or ec - --curve=NAME : for elliptic curve, sets the named curve to use -+--copy-ext : Copy included request X509 extensions (namely subjAltName - - Organizational DN options: (only used with the 'org' DN mode) - (values may be blank for org DN options) -@@ -623,6 +624,8 @@ $(display_dn req "$req_in") - # Append first any COMMON file (if present) then the cert-type extensions - cat "$EASYRSA_EXT_DIR/COMMON" - cat "$EASYRSA_EXT_DIR/$crt_type" -+ # copy req extensions -+ [ $EASYRSA_CP_EXT ] && print "copy_extensions = copy" - - # Support a dynamic CA path length when present: - [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \ -@@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars" - set_var EASYRSA_TEMP_FILE_3 "" - set_var EASYRSA_REQ_CN ChangeMe - set_var EASYRSA_DIGEST sha256 -+ set_var EASYRSA_CP_EXT 0 - - # Detect openssl config, preferring EASYRSA_PKI over EASYRSA - if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then -@@ -1165,6 +1169,8 @@ while :; do - export EASYRSA_SUBCA_LEN="$val" ;; - --vars) - export EASYRSA_VARS_FILE="$val" ;; -+ --copy-ext) -+ export EASYRSA_CP_EXT=1 ;; - --subject-alt-name) - export EASYRSA_EXTRA_EXTS="\ - $EASYRSA_EXTRA_EXTS 
diff --git a/a138c0d.patch b/a138c0d.patch deleted file mode 100644 index 8771a46..0000000 --- a/a138c0d.patch +++ /dev/null @@ -1,22 +0,0 @@ -From a138c0d83b0ff1feed385c5d2d7a1c25422fe04d Mon Sep 17 00:00:00 2001 -From: Uwe Hermann -Date: Sat, 19 Aug 2017 18:17:43 +0200 -Subject: [PATCH] Fix incorrect "openssl rand" usage (#138). - ---- - easyrsa3/easyrsa | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index e004e2b..f73b375 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -572,7 +572,7 @@ sign_req() { - # Randomize Serial number - local i= serial= check_serial= - for i in 1 2 3 4 5; do -- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial 16" - serial="$(cat "$EASYRSA_PKI/serial")" - check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" - case "$check_serial" in diff --git a/b75faa4.patch b/b75faa4.patch deleted file mode 100644 index db63ef0..0000000 --- a/b75faa4.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= -Date: Wed, 22 Jun 2016 18:51:48 +0300 -Subject: [PATCH] Convert README and COPYING into markdown files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Samuli Seppänen ---- - COPYING => COPYING.md | 5 +++-- - README => README.md | 25 +++++++++++++------------ - 2 files changed, 16 insertions(+), 14 deletions(-) - rename COPYING => COPYING.md (91%) - rename README => README.md (68%) - -diff --git a/COPYING b/COPYING.md -similarity index 91% -rename from COPYING -rename to COPYING.md -index 25b910e..39bce08 100644 ---- a/COPYING -+++ b/COPYING.md -@@ -1,15 +1,16 @@ - Easy-RSA -- A Shell-based CA Utility -+==================================== - - Copyright (C) 2013 by the Open-Source OpenVPN development community - --Easy-RSA 3 license: GPLv2: -+Easy-RSA 3 license: GPLv2 - ------------------------- - - All the Easy-RSA code contained in this project falls under a GPLv2 license with - full text available in the Licensing/ directory. Additional components used by - this project fall under additional licenses: - --Additional licenses for external components: -+Additional licenses for external components - ------------------------------------------- - - The following components are under different licenses; while not part of the -diff --git a/README b/README.md -similarity index 68% -rename from README -rename to README.md -index 325e7e6..5a574e5 100644 ---- a/README -+++ b/README.md -@@ -1,39 +1,40 @@ --OVERVIEW: -+# Overview -+ - easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, - this means to create a root certificate authority, and request and sign - certificates, including sub-CAs and certificate revokation lists (CRL). - --DOWNLOADS: -+# Downloads - - If you are looking for release downloads, please see the releases section on - GitHub. 
Releases are also available as source checkouts using named tags. - --DOCUMENTATION: -+# Documentation - --For 3.x project documentation and usage, see the README.quickstart.md file or -+For 3.x project documentation and usage, see the [README.quickstart.md](README.quickstart.md) file or - the more detailed docs under the doc/ directory. The .md files are in Markdown - format and can be converted to html files as desired for release packages, or - read as-is in plaintext. - --GETTING HELP USING EASY-RSA: -+# Getting help using easy-rsa - - Currently, Easy-RSA development co-exists with OpenVPN even though they are - separate projects. The following resources are good places as of this writing to - seek help using Easy-RSA: - --The openvpn-users mailing list is a good place to post usage or help questions: --https://lists.sourceforge.net/lists/listinfo/openvpn-users -+The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users) -+is a good place to post usage or help questions. - - You can also try IRC at Freenode/#openvpn - --BRANCH STRUCTURE: -+# Branch structure - - The easy-rsa master branch is currently tracking development for the 3.x release - cycle. The prior 2.x and 1.x versions are available as release branches for - tracking and possible back-porting of relevant fixes. Branch layout is: - -- master <- 3.x, at present -- release/2.x -- release/1.x -+ master <- 3.x, at present -+ release/2.x -+ release/1.x - --LICENSING info for 3.x is in the COPYING file -+LICENSING info for 3.x is in the [COPYING.md](COPYING.md) file diff --git a/b93d0a1.patch b/b93d0a1.patch deleted file mode 100644 index dca40a2..0000000 --- a/b93d0a1.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001 -From: Drew Anderson -Date: Mon, 9 May 2016 10:24:02 +1000 -Subject: [PATCH] spelling fixes and setence structure improvements - ---- - doc/EasyRSA-Advanced.md | 2 +- - doc/EasyRSA-Readme.md | 6 +++--- - doc/EasyRSA-Upgrade-Notes.md | 2 +- - doc/Intro-To-PKI.md | 2 +- - 4 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 6406946..64b29ae 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -108,7 +108,7 @@ possible terse description is shown below: - extensions - * `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH - mode -- * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert -+ * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert - signing - * `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set - env-var to non-zero string to enable (CLI takes no options) -diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md -index 568c3a6..bece589 100644 ---- a/doc/EasyRSA-Readme.md -+++ b/doc/EasyRSA-Readme.md -@@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA - General usage and command help can be shown with: - - ./easyrsa help [ command ] -- -+ - When run without any command, general usage and a list of available commands - are shown; when a command is supplied, detailed help output for that command - is shown. -@@ -135,7 +135,7 @@ you need a more basic description of how a PKI works. - - When building a CA, a number of new files are created by a combination of - Easy-RSA and (indirectly) openssl. 
The important CA files are: -- -+ - * `ca.crt` - This is the CA certificate - * `index.txt` - This is the "master database" of all issued certs - * `serial` - Stores the next serial number (serial numbers increment) -@@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command: - ./easyrsa gen-req nameOfRequest - - You will then be given a chance to modify the Subject details of your request. --By default Easy-RSA uses the short name supplied on the command-line, though you -+Easy-RSA uses the short name supplied on the command-line by default, though you - are free to change it if necessary. After providing a passphrase and Subject - details, the keypair and request files will be shown. - -diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md -index f5c1514..6cc6df2 100644 ---- a/doc/EasyRSA-Upgrade-Notes.md -+++ b/doc/EasyRSA-Upgrade-Notes.md -@@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series. - generation as the requester doesn't need to know the CA's values in advance. - - Previously in v2, the Country, State, and Org values all had to match or a -- request couldn't be signed. If you want the old behavior your can change the -+ request couldn't be signed. If you want the old behavior you can change the - OpenSSL config to require it or simply look over the DN at signing time. -diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md -index cd8217b..ea56629 100644 ---- a/doc/Intro-To-PKI.md -+++ b/doc/Intro-To-PKI.md -@@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients - or servers (VPN or web servers.) - - To start a new PKI, the CA is first created on the secure environment. 
--Depending on security needs, this could managed under a locked down account, -+Depending on security needs, this could be managed under a locked down account, - dedicated system, or even a completely offline system or using removable media - to improve security (after all, you can't suffer an online break-in if your - system or PKI is not online.) The exact steps to create a CA are described in a diff --git a/d20d2b3.patch b/d20d2b3.patch deleted file mode 100644 index 9e38943..0000000 --- a/d20d2b3.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From d20d2b3c06baed2fc4e098b12331fd203e723f91 Mon Sep 17 00:00:00 2001 -From: Olav Reinert -Date: Thu, 27 Jul 2017 08:27:27 +0200 -Subject: [PATCH] Update docs and examples to fit changes in 534f673 - ---- - doc/EasyRSA-Advanced.md | 14 +++++++------- - easyrsa3/vars.example | 17 ++++++++++++----- - 2 files changed, 19 insertions(+), 12 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 1bd8c29..5bcd526 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -31,12 +31,12 @@ Configuration Reference - The following locations are checked, in this order, for a vars file. Only the - first one found is used: - -- 1. File referenced by the --vars CLI option -+ 1. The file referenced by the --vars CLI option - 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` -- 3. The `EASYRSA_PKI` directory -- 4. The default PKI directory at $PWD/pki (usually will be the same as above) -- 4. The `EASYRSA` directory -- 5. The location of the easyrsa program (usually will be the same as above) -+ 3. The directory referenced by the `EASYRSA_PKI` env-var -+ 4. The default PKI directory at $PWD/pki -+ 4. The directory referenced by the `EASYRSA` env-var -+ 5. The directory containing the easyrsa program - - Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars - file in all cases, including defining it subsequently as a global option. -@@ -78,10 +78,10 @@ Environmental Variables Reference - A list of env-vars, any matching global option (CLI) to set/override it, and a - possible terse description is shown below: - -- * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD -+ * `EASYRSA` - should point to the Easy-RSA top-level dir, where the easyrsa script is located. 
- * `EASYRSA_OPENSSL` - command to invoke openssl - * `EASYRSA_SSL_CONF` - the openssl config file to use -- * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. -+ * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, defaults to $PWD/pki. - * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to - alter the fields to include in the req DN - * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode -diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example -index 2c444d8..c439cba 100644 ---- a/easyrsa3/vars.example -+++ b/easyrsa3/vars.example -@@ -39,10 +39,15 @@ fi - - # DO YOUR EDITS BELOW THIS POINT - --# This variable should point to the top level of the easy-rsa tree. By default, --# this is taken to be the directory you are currently in. -+# This variable is used as the base location of configuration files needed by -+# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) -+# may override this default. -+# -+# The default value of this variable is the location of the easyrsa script -+# itself, which is also where the configuration files are located in the -+# easy-rsa tree. - --#set_var EASYRSA "$PWD" -+#set_var EASYRSA "${0%/*}" - - # If your OpenSSL command is not in the system PATH, you will need to define the - # path to it here. Normally this means a full path to the executable, otherwise -@@ -57,12 +62,14 @@ fi - # This sample is in Windows syntax -- edit it for your path if not using PATH: - #set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" - --# Edit this variable to point to your soon-to-be-created key directory. -+# Edit this variable to point to your soon-to-be-created key directory. By -+# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the -+# directory you are currently in). 
- # - # WARNING: init-pki will do a rm -rf on this directory so make sure you define - # it correctly! (Interactive mode will prompt before acting.) - --#set_var EASYRSA_PKI "$EASYRSA/pki" -+#set_var EASYRSA_PKI "$PWD/pki" - - # Define X509 DN mode. - # This is used to adjust what elements are included in the Subject field as the DN diff --git a/e9e8e27.patch b/e9e8e27.patch deleted file mode 100644 index e2f518a..0000000 --- a/e9e8e27.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d Mon Sep 17 00:00:00 2001 -From: Martin Schmitt -Date: Fri, 30 Jun 2017 17:04:31 +0200 -Subject: [PATCH] Moved @ValdikSS's serial randomization to sign_req - ---- - easyrsa3/easyrsa | 23 ++++++++++++----------- - 1 file changed, 12 insertions(+), 11 deletions(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index f5ec797..cff63f2 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -569,6 +569,18 @@ sign_req() { - local req_in="$EASYRSA_PKI/reqs/$2.req" - local crt_out="$EASYRSA_PKI/issued/$2.crt" - -+ # Randomize Serial number -+ local i= serial= check_serial= -+ for i in 1 2 3 4 5; do -+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ serial="$(cat "$EASYRSA_PKI/serial")" -+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -+ case "$check_serial" in -+ *"not present in db"*) break ;; -+ *) continue ;; -+ esac -+ done -+ - # Support batch by internal caller: - [ "$3" = "batch" ] && local EASYRSA_BATCH=1 - -@@ -661,17 +673,6 @@ Certificate created at: $crt_out - build_full() { - verify_ca_init - -- local i= serial= check_serial= -- for i in 1 2 3 4 5; do -- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -- serial="$(cat "$EASYRSA_PKI/serial")" -- check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -- case "$check_serial" in -- *"not present in db"*) break ;; -- *) continue ;; -- esac -- done -- - # pull filename base: - [ -n "$2" ] || die "\ - Error: didn't find a file base name as the first argument. diff --git a/easy-rsa.changes b/easy-rsa.changes index 7c6fca1..d618c47 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes 
@@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Mon Oct 16 06:38:49 UTC 2017 - seroton10@gmail.com + +- Update to version 3.0.3 +- Rename easy-rsa-packaging.patch to suse-packaging.patch +- Remove obsolete upstream patches: + * f174800.patch + * 29d4dee.patch + * b93d0a1.patch + * fb4d8d8.patch + * b75faa4.patch + * 6436eaf.patch + * e9e8e27.patch + * 534f673.patch + * d20d2b3.patch + * 4eac410.patch + * a138c0d.patch + * 83a1a21.patch + + ------------------------------------------------------------------- Wed Aug 23 09:06:23 UTC 2017 - seroton10@gmail.com diff --git a/easy-rsa.spec b/easy-rsa.spec index 0e67f88..afb5136 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec 
@@ -18,40 +18,14 @@ Name: easy-rsa -Version: 3.0.1 +Version: 3.0.3 Release: 0 Summary: CLI utility to build and manage a PKI CA License: GPL-2.0 Group: Productivity/Networking/Security Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz -# Fixed upstream issues -# Generate random serial number for all certificates -Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch -# Fixes #91 basename: invalid option -- 's'. -Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch -# spelling fixes and setence structure improvements -Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch -# Fix comment indicating the end of the function verify_file() comment. -Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch -# Convert README and COPYING into markdown files -Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch -# Add CN as SAN (if none requested) on server certs by default -Patch5: https://github.com/OpenVPN/easy-rsa/commit/6436eaf.patch -# Moved @ValdikSS's serial randomization to sign_req -Patch6: https://github.com/OpenVPN/easy-rsa/commit/e9e8e27.patch -# Make $PWD/pki the default PKI location -Patch7: https://github.com/OpenVPN/easy-rsa/commit/534f673.patch -# Update docs and examples to fit changes in 534f673 -Patch8: https://github.com/OpenVPN/easy-rsa/commit/d20d2b3.patch -# Fix string comprehension -Patch9: https://github.com/OpenVPN/easy-rsa/commit/4eac410.patch -# Fix incorrect "openssl rand" usage -Patch10: https://github.com/OpenVPN/easy-rsa/commit/a138c0d.patch -# Add --copy-ext option -Patch11: https://github.com/OpenVPN/easy-rsa/commit/83a1a21.patch -# openSUSE specific -Patch100: easy-rsa-packaging.patch +Source: https://github.com/OpenVPN/easy-rsa/archive/v%{version}.tar.gz +Patch100: suse-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch 
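Review bot: The new `Source:` line points at GitHub's auto-generated tag archive (`archive/v%{version}.tar.gz`), and nothing in this hunk verifies it. As far as the diff shows, the only integrity anchor for this CA tooling is the git-lfs sha256 pointer committed alongside the spec. If upstream publishes a signed release artifact for this version, prefer it and add the detached signature and keyring as extra sources, e.g. `Source1: <UPSTREAM_SIGNATURE_URL>` and `Source2: %{name}.keyring`, so the signature can be checked when the package is built. Otherwise, add a spec comment recording how the tarball hash was compared against the upstream tag. The hunk also drops the `# openSUSE specific` comment above `Patch100:`; a one-line replacement such as `# PATCH-FIX-OPENSUSE suse-packaging.patch -- <purpose>` would keep the reason for the one remaining downstream patch visible.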
@@ -62,27 +36,8 @@ certificates, including sub-CAs and certificate revokation lists (CRL). %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 %patch100 -p0 -# Add this for SLE11, patch tool can't rename file. -# Next release we should publish .md documentation. -%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12 -mv -v COPYING COPYING.md -mv -v README README.md -%endif - %build %install diff --git a/f174800.patch b/f174800.patch deleted file mode 100644 index c748573..0000000 --- a/f174800.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001 -From: ValdikSS -Date: Mon, 11 Jan 2016 01:53:32 +0300 -Subject: [PATCH] Generate random serial number for all certificates - ---- - easyrsa3/easyrsa | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 6fec288..bcb3aeb 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -652,6 +652,17 @@ Certificate created at: $crt_out - build_full() { - verify_ca_init - -+ local i= serial= check_serial= -+ for i in 1 2 3 4 5; do -+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ serial="$(cat "$EASYRSA_PKI/serial")" -+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -+ case "$check_serial" in -+ *"not present in db"*) break ;; -+ *) continue ;; -+ esac -+ done -+ - # pull filename base: - [ -n "$2" ] || die "\ - Error: didn't find a file base name as the first argument. diff --git a/fb4d8d8.patch b/fb4d8d8.patch deleted file mode 100644 index 509fb3a..0000000 --- a/fb4d8d8.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001 -From: Jiri Tyr -Date: Tue, 21 Jun 2016 14:16:45 +0100 -Subject: [PATCH] Fix comment indicating the end of the function - -This patch corrects the comment indicating the end of the `verify_file()` function. ---- - easyrsa3/easyrsa | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index bcb3aeb..088faeb 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -928,7 +928,7 @@ verify_file() { - local format="$1" path="$2" - "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 - return 0 --} # => verify_x509() -+} # => verify_file() - - # show-* command backend - # Prints req/cert details in a readable format diff --git a/easy-rsa-packaging.patch b/suse-packaging.patch similarity index 100% rename from easy-rsa-packaging.patch rename to suse-packaging.patch diff --git a/v3.0.3.tar.gz b/v3.0.3.tar.gz new file mode 100644 index 0000000..f866f32 --- /dev/null +++ b/v3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3e41c0dfebe04332cdc07f13bf48a69e25dfc31d059e94071a9cfb9f3bba6f9a +size 636592